The design and implementation of tripwire: a file system integrity checker
CCS '94 Proceedings of the 2nd ACM Conference on Computer and communications security
Computer organization and design (2nd ed.): the hardware/software interface
Computer organization and design (2nd ed.): the hardware/software interface
PCI System Architecture
Analysis and Results of the 1999 DARPA Off-Line Intrusion Detection Evaluation
RAID '00 Proceedings of the Third International Workshop on Recent Advances in Intrusion Detection
ACISP '01 Proceedings of the 6th Australasian Conference on Information Security and Privacy
Using Independent Auditors as Intrusion Detection Systems
ICICS '02 Proceedings of the 4th International Conference on Information and Communications Security
Integrating Flexible Support for Security Policies into the Linux Operating System
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Linux Security Modules: General Security Support for the Linux Kernel
Proceedings of the 11th USENIX Security Symposium
Understanding the Linux Kernel, Second Edition
Understanding the Linux Kernel, Second Edition
Self-Nonself Discrimination in a Computer
SP '94 Proceedings of the 1994 IEEE Symposium on Security and Privacy
A secure and reliable bootstrap architecture
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
LOMAC: Low Water-Mark Integrity Protection for COTS Environments
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Impact of PCI-Bus Load on Applications in a PC Architecture
RTSS '03 Proceedings of the 24th IEEE International Real-Time Systems Symposium
SubDomain: Parsimonious Server Security
LISA '00 Proceedings of the 14th USENIX conference on System administration
Secure coprocessor-based intrusion detection
EW 10 Proceedings of the 10th workshop on ACM SIGOPS European workshop
An open-source cryptographic coprocessor
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Secure coprocessor integration with kerberos V5
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Detecting and countering system intrusions using software wrappers
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Improving DES coprocessor throughput for short operations
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Establishing the genuinity of remote computer systems
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Synthesizing fast intrusion prevention/detection systems from high-level specifications
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Secure coprocessors in electronic commerce applications
WOEC'95 Proceedings of the 1st conference on USENIX Workshop on Electronic Commerce - Volume 1
Confining root programs with domain and type enforcement (DTE)
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
SLIC: an extensibility system for commodity operating systems
ATEC '98 Proceedings of the annual conference on USENIX Annual Technical Conference
Hardware-Assisted Circumvention of Self-Hashing Software Tamper Resistance
IEEE Transactions on Dependable and Secure Computing
Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems
Proceedings of the twentieth ACM symposium on Operating systems principles
Risks of live digital forensic analysis
Communications of the ACM - Next-generation cyber forensics
Using VMM-based sensors to monitor honeypots
Proceedings of the 2nd international conference on Virtual execution environments
Principles-driven forensic analysis
NSPW '05 Proceedings of the 2005 workshop on New security paradigms
Speculative virtual verification: policy-constrained speculative execution
NSPW '05 Proceedings of the 2005 workshop on New security paradigms
Manitou: a layer-below approach to fighting malware
Proceedings of the 1st workshop on Architectural and system support for improving software dependability
Towards a tamper-resistant kernel rootkit detector
Proceedings of the 2007 ACM symposium on Applied computing
Fast user-mode rootkit scanner for the enterprise
LISA '05 Proceedings of the 19th conference on Large Installation System Administration Conference - Volume 19
Leveraging good intentions to reduce unwanted network traffic
SRUTI'06 Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet - Volume 2
Towards a VMM-based usage control framework for OS kernel integrity protection
Proceedings of the 12th ACM symposium on Access control models and technologies
SecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
IEEE Pervasive Computing
Linux kernel integrity measurement using contextual inspection
Proceedings of the 2007 ACM workshop on Scalable trusted computing
Automated detection of persistent kernel control-flow attacks
Proceedings of the 14th ACM conference on Computer and communications security
Stealthy malware detection through vmm-based "out-of-the-box" semantic view reconstruction
Proceedings of the 14th ACM conference on Computer and communications security
On the difficulty of validating voting machine software with software
EVT'07 Proceedings of the USENIX Workshop on Accurate Electronic Voting Technology
Is a bot at the controls?: Detecting input data attacks
Proceedings of the 6th ACM SIGCOMM workshop on Network and system support for games
VMM-based hidden process detection and identification using Lycosid
Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Self-signed executables: restricting replacement of program binaries by malware
HOTSEC'07 Proceedings of the 2nd USENIX workshop on Hot topics in security
Journal of Computer Security - The Third IEEE International Symposium on Security in Networks and Distributed Systems
A hypervisor-based system for protecting software runtime memory and persistent storage
Proceedings of the 2008 Spring simulation multiconference
TOCTOU, Traps, and Trusted Computing
Trust '08 Proceedings of the 1st international conference on Trusted Computing and Trust in Information Technologies: Trusted Computing - Challenges and Applications
ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
Architecting Dependable and Secure Systems Using Virtualization
Architecting Dependable Systems V
Guest-Transparent Prevention of Kernel Rootkits with VMM-Based Memory Shadowing
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Countering Persistent Kernel Rootkits through Systematic Hook Discovery
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Improving coherency of runtime integrity measurement
Proceedings of the 3rd ACM workshop on Scalable trusted computing
SMM rootkits: a new breed of OS independent malware
Proceedings of the 4th international conference on Security and privacy in communication netowrks
Attestation: Evidence and Trust
ICICS '08 Proceedings of the 10th International Conference on Information and Communications Security
Hypervisor support for identifying covertly executing binaries
SS'08 Proceedings of the 17th conference on Security symposium
Multi-aspect profiling of kernel rootkit behavior
Proceedings of the 4th ACM European conference on Computer systems
Transparent Process Monitoring in a Virtual Environment
Electronic Notes in Theoretical Computer Science (ENTCS)
SHARK: Architectural support for autonomic protection against stealth by rootkit exploits
Proceedings of the 41st annual IEEE/ACM International Symposium on Microarchitecture
Shepherding Loadable Kernel Modules through On-demand Emulation
DIMVA '09 Proceedings of the 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Fides: remote anomaly-based cheat detection using client emulation
Proceedings of the 16th ACM conference on Computer and communications security
Countering kernel rootkits with lightweight hook protection
Proceedings of the 16th ACM conference on Computer and communications security
Mapping kernel objects to enable systematic integrity checking
Proceedings of the 16th ACM conference on Computer and communications security
Cloud security is not (just) virtualization security: a short paper
Proceedings of the 2009 ACM workshop on Cloud computing security
Toward Revealing Kernel Malware Behavior in Virtual Execution Environments
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
ACM Transactions on Information and System Security (TISSEC)
Rootkits on smart phones: attacks, implications and opportunities
Proceedings of the Eleventh Workshop on Mobile Computing Systems & Applications
Defeating return-oriented rootkits with "Return-Less" kernels
Proceedings of the 5th European conference on Computer systems
Filesystem activity following a SSH compromise: an empirical study of file sequences
ICISC'07 Proceedings of the 10th international conference on Information security and cryptology
A forced sampled execution approach to kernel rootkit identification
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
WISTP'08 Proceedings of the 2nd IFIP WG 11.2 international conference on Information security theory and practices: smart devices, convergence and next generation networks
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
HyperSentry: enabling stealthy in-context measurement of hypervisor integrity
Proceedings of the 17th ACM conference on Computer and communications security
A control point for reducing root abuse of file-system privileges
Proceedings of the 17th ACM conference on Computer and communications security
Hardware trust implications of 3-D integration
WESS '10 Proceedings of the 5th Workshop on Embedded Systems Security
Key attestation from trusted execution environments
TRUST'10 Proceedings of the 3rd international conference on Trust and trustworthy computing
HyperCheck: a hardware-assisted integrity monitor
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Kernel malware analysis with un-tampered and temporal views of dynamic kernel memory
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
VM-based security overkill: a lament for applied systems security research
Proceedings of the 2010 workshop on New security paradigms
Forenscope: a framework for live forensics
Proceedings of the 26th Annual Computer Security Applications Conference
ICISS'10 Proceedings of the 6th international conference on Information systems security
Characterizing kernel malware behavior with kernel data access patterns
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Attack surface reduction for commodity OS kernels: trimmed garden plants may attract less bugs
Proceedings of the Fourth European Workshop on System Security
Short paper: lightweight remote attestation using physical functions
Proceedings of the fourth ACM conference on Wireless network security
Security versus energy tradeoffs in host-based mobile malware detection
MobiSys '11 Proceedings of the 9th international conference on Mobile systems, applications, and services
TRESOR runs encryption securely outside RAM
SEC'11 Proceedings of the 20th USENIX conference on Security
CyberGuarder: A virtualization security assurance architecture for green cloud computing
Future Generation Computer Systems
Hello rootKitty: a lightweight invariance-enforcing framework
ISC'11 Proceedings of the 14th international conference on Information security
Remote software-based attestation for wireless sensors
ESAS'05 Proceedings of the Second European conference on Security and Privacy in Ad-Hoc and Sensor Networks
Trusted virtual domains – design, implementation and lessons learned
INTRUST'09 Proceedings of the First international conference on Trusted Systems
TruWalletM: secure web authentication on mobile platforms
INTRUST'10 Proceedings of the Second international conference on Trusted Systems
What if you can't trust your network card?
RAID'11 Proceedings of the 14th international conference on Recent Advances in Intrusion Detection
Scalable integrity-guaranteed AJAX
APWeb'12 Proceedings of the 14th Asia-Pacific international conference on Web Technologies and Applications
A survey of main memory acquisition and analysis techniques for the windows operating system
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Surreptitious Deployment and Execution of Kernel Agents in Windows Guests
CCGRID '12 Proceedings of the 2012 12th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (ccgrid 2012)
Verifying system integrity by proxy
TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
Vigilare: toward snoop-based kernel integrity monitor
Proceedings of the 2012 ACM conference on Computer and communications security
JMF: Java measurement framework: language-supported runtime integrity measurement
Proceedings of the seventh ACM workshop on Scalable trusted computing
DIONE: a flexible disk monitoring and analysis framework
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
TRESOR-HUNT: attacking CPU-bound encryption
Proceedings of the 28th Annual Computer Security Applications Conference
Proceedings of the 9th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
DIMVA'12 Proceedings of the 9th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Proceedings of the ACM International Conference on Computing Frontiers
Enforcing system-wide control flow integrity for exploit detection and diagnosis
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
Characterizing hypervisor vulnerabilities in cloud computing servers
Proceedings of the 2013 international workshop on Security in cloud computing
CPU transparent protection of OS kernel and hypervisor integrity with programmable DRAM
Proceedings of the 40th Annual International Symposium on Computer Architecture
FORTUNA-A framework for the design and development of hardware-based secure systems
Journal of Systems and Software
Bridging the Semantic Gap in Virtual Machine Introspection via Online Kernel Data Redirection
ACM Transactions on Information and System Security (TISSEC)
Implementation and implications of a stealth hard-drive backdoor
Proceedings of the 29th Annual Computer Security Applications Conference
KI-Mon: a hardware-assisted event-triggered monitoring platform for mutable kernel object
SEC'13 Proceedings of the 22nd USENIX conference on Security
Proceedings of the Twelfth ACM Workshop on Hot Topics in Networks
CloRExPa: Cloud resilience via execution path analysis
Future Generation Computer Systems
Real-time deep virtual machine introspection and its applications
Proceedings of the 10th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
| Hi-index | 0.00 |
Copilot is a coprocessor-based kernel integrity monitor for commodity systems. Copilot is designed to detect malicious modifications to a host's kernel and has correctly detected the presence of 12 real-world rootkits, each within 30 seconds of their installation with less than a 1% penalty to the host's performance. Copilot requires no modifications to the protected host's software and can be expected to operate correctly even when the host kernel is thoroughly compromised - an advantage over traditional monitors designed to run on the host itself.